package timing.ukulele.auth.security.type.sms;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.http.HttpMethod;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.servlet.util.matcher.PathPatternRequestMatcher;
import org.springframework.util.StringUtils;
import timing.ukulele.auth.security.LoginTypeEnum;
import timing.ukulele.auth.security.SecurityUtils;
import timing.ukulele.auth.support.RedisOperator;
import timing.ukulele.common.constant.PrefixConstant;

public class SmsCodeAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
    private boolean postOnly = true;
    private final String mobileParameter = "mobile";
    private final String codeParameter = "code";
    private final RedisOperator<String> stringRedisOperator;

    public SmsCodeAuthenticationFilter(RedisOperator<String> stringRedisOperator) {
        super(PathPatternRequestMatcher.withDefaults().matcher(HttpMethod.POST,LoginTypeEnum.MOBILE_CODE.getPath()));
        this.stringRedisOperator = stringRedisOperator;
    }

    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {
        if (this.postOnly && !request.getMethod().equals("POST")) {
            throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
        } else {
            String mobile = this.obtainMobile(request);
            mobile = mobile != null ? mobile : "";
            String code = this.obtainCode(request);
            code = code != null ? code : "";
            if (!(StringUtils.hasLength(mobile) && StringUtils.hasLength(code))) {
                throw new AuthenticationServiceException("参数错误");
            } else {
                // TODO 校验短信验证码
                String key=PrefixConstant.SMS_CODE + mobile;
                String cachedCode = stringRedisOperator.get(key);
                if(cachedCode==null||!cachedCode.equalsIgnoreCase(code)){
                    throw new AuthenticationServiceException("验证码错误或已过期");
                }
                stringRedisOperator.delete(key);
            }
            SmsCodeAuthenticationToken authRequest = new SmsCodeAuthenticationToken(mobile);
            this.setDetails(request, authRequest);
            return this.getAuthenticationManager().authenticate(authRequest);
        }
    }

    protected String obtainMobile(HttpServletRequest request) {
        String encryptedMobile = request.getParameter(this.mobileParameter);
        if (StringUtils.hasLength(encryptedMobile)) {
            return SecurityUtils.decryptPassword(encryptedMobile);
        }
        return null;
    }

    protected String obtainCode(HttpServletRequest request) {
        String encryptedCode = request.getParameter(this.codeParameter);
        if (StringUtils.hasLength(encryptedCode)) {
            return SecurityUtils.decryptPassword(encryptedCode);
        }
        return null;
    }

    protected void setDetails(HttpServletRequest request, SmsCodeAuthenticationToken authRequest) {
        authRequest.setDetails(this.authenticationDetailsSource.buildDetails(request));
    }

    public void setPostOnly(boolean postOnly) {
        this.postOnly = postOnly;
    }
}